Certified in Risk and Information Systems Control (CRISC) — Question 1294
A key risk indicator (KRI) flags an exception for exceeding a threshold but remains within risk appetite. Which of the following should be done NEXT?
Answer options
- A. Adjust the risk threshold level to match risk appetite.
- B. Review the risk appetite level to ensure it is appropriate.
- C. Review the trend to determine whether action is needed.
- D. Document that the KRI is within risk appetite.
Correct answer: C
Explanation
The correct answer is C because analyzing the trend can show whether the situation is improving or deteriorating, which guides any further action. Option A is incorrect because adjusting the threshold may not be necessary when the KRI is already within risk appetite. Option B is not the immediate priority since the risk appetite is currently deemed appropriate. Option D is insufficient on its own because documentation does not address potential future risks indicated by the trend.